pgp: Unregister the "check_signatures" hooks on module unload

Daniel Kiper via Grub-devel Tue, 18 Feb 2025 10:05:15 -0800

From: B Horn <b...@horn.uk>

If the hooks are not removed they can be called after the module has
been unloaded leading to an use-after-free.


Fixes: CVE-2025-0622

Reported-by: B Horn <b...@horn.uk>
Signed-off-by: B Horn <b...@horn.uk>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
---
 grub-core/commands/pgp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
index c6766f044..5fadc33c4 100644
--- a/grub-core/commands/pgp.c
+++ b/grub-core/commands/pgp.c
@@ -1010,6 +1010,8 @@ GRUB_MOD_INIT(pgp)
 
 GRUB_MOD_FINI(pgp)
 {
+  grub_register_variable_hook ("check_signatures", NULL, NULL);
+  grub_env_unset ("check_signatures");
   grub_verifier_unregister (&grub_pubkey_verifier);
   grub_unregister_extcmd (cmd);
   grub_unregister_extcmd (cmd_trust);
-- 
2.11.0


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

[SECURITY PATCH 38/73] commands/pgp: Unregister the "check_signatures" hooks on module unload

Reply via email to